<?php
session_start();
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>Wellcome to Charity Organization!</title>
</head>

<body>
<div id="container">
		<div id="header">
			<h1>Charity<span class="off">Organization</span></h1>
        </div>   
        <div id="menu">
        </div>
    
		<div id="content">
        <div id="content_top"></div>
		<div id="content_main">
		<?php
		$link =mysql_connect('localhost','root','');
		if (!$link) {
			die('Not connected : ' . mysql_error());
		}
		$db_selected = mysql_select_db('seproject', $link);
		if (!$db_selected) {
			die ('Cannot useSeproject : ' . mysql_error());
		}
		$PersonelID=$_SESSION["PersonelID"];
		$CurPassword=$_POST["CurPassword"];
		$NewPassword=$_POST["NewPassword"];
		$retypeNewPassword=$_POST["retypeNewPassword"];
		
		
		$query=mysql_query("SELECT Password FROM personel where `PersonelID`='$PersonelID'");
		$a=mysql_fetch_row($query);
		$Password=$a[0];
		if($Password!=$CurPassword)
		{
			echo "Your current password is wrong! Retype Again!";
			?>
			<a href="EditPassP.php">Back</a>	
			<?php
		}
		else if($NewPassword!=$retypeNewPassword)
		{
			echo "Password doesn't match! Retype Again!";
			?>
			<a href="EditPassP.php">Back</a>	
			<?php
		}
		else
		{		
			$Password=$NewPassword;
			$sql = mysql_query("update personel set `Password`='$Password' where `PersonelID`='$PersonelID'");
			if($sql)
			{
				echo "Your password has been changed!";
				?>
				<a href="homeP.php">Go to homepage</a>
				<?php
			}
			else
			{
				echo "Change password has been failed!";
				?>
				<a href="EditPassP.php">Back</a>
				<?php
			}
		}
		?>
		</div>
        <div id="content_bottom"></div>
      </div>
   </div>
</body>
</html>
